General
-
Target
b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b.zip
-
Size
51KB
-
Sample
230329-nb4geaga65
-
MD5
095629f20794d15b501705b6c305f0d5
-
SHA1
ccfbfa447112509fbcdef3a4eb3e4ff6d8077dcc
-
SHA256
a3aaffa49f6ca8c4baff028eaa44168e2762cf69904f6c94370a06106d72c47b
-
SHA512
a6e0753ca9b020b04fa76ff3c57a637da7c52c610f3800be11db7955d18b8df5ae2bd9971698b6b8dd8d97e56162c3a0c7d2d2df37c61da9443ef546bf2a0f12
-
SSDEEP
1536:CfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBO:2+MHQFHvtKLvhuBO
Behavioral task
behavioral1
Sample
b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b
-
Size
175KB
-
MD5
a5c90ba8bb641ad252a59c4c75c4c2ad
-
SHA1
941e7b7561dc28d52c72036069b87949934f6e90
-
SHA256
b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b
-
SHA512
3255fff24746109341d3d7c7953ae78cc99cf8dfff5583980c6cbebc291f6fa760fcbbb8c6486c569a9ac72b2922f1357af538aa5bb8f147471770b021eb07f5
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-